Re: Log excerpts:
Soapy said:
I bet it's Defiance. They want to beat Hybrid, and their host is in Europe somewhere. Oh, and they are also next to Hybrid in the gateway, so that's my best guess.
This is from the Defiance forum:
Post subject: Reason why you can't connect: Login Server
--------------------------------------------------------------------------------
Well, as you may have noticed, everyone has an issue logging into the shard at the moment.
It appears someone very nice, without any provocation from us, has decided to just attack us with a DDoS.
Basically filling up the 100Mbps NIC on the server and also saturating the switch it was on.
It's probably the same person who is attacking other shards, just for shits and giggles.
However, believe me, being a security analyst by profession, I'm not taking this lightly as they have been.
I have already been in touch with several people to track down where this is coming from, and it appears to be several dozen high-speed compromised servers.
Our first task is contacting each of the servers' data centres and getting them promptly disconnected so the administrators can reinstall them.
In short, the person is pretty much giving up his attack network by attacking us, as we will make sure he won't have any "ammunition" left over the next few days, and believe me, we do contact everyone.
It's not hard to get addresses from RIPE/ARIN and bcc them with all the relevant logged information.
Like:
2005-11-27 20:11:46 DROP UDP 193.109.252.116 213.228.232.22 43748 2593 29 - - - - - - - RECEIVE
2005-11-27 20:11:46 DROP UDP 193.109.252.116 213.228.232.22 43748 2593 29 - - - - - - - RECEIVE
2005-11-27 20:11:46 DROP UDP 193.109.252.116 213.228.232.22 43748 2593 29 - - - - - - - RECEIVE
That is just a snip from one of the recorded servers. I'm posting that part because I would guess the attacker will come read this thread to see the results of his stupidity and realise we aren't like the rest, and we won't just allow you to destroy everything we've worked for.
After we get his network disconnected, we will concentrate on all the logs from the compromised systems, and then we will probably trace who compromised them, and hence there will be a nice trail of bread crumbs all the way back to the attacker.
Then it's a simple case of compiling all our evidence and giving it to the Scotland Yard computer crimes division, who, unlike the FBI, don't need a nice big $5,000 recorded loss to trace people like this; it just needs the CEO of one of the most reputable online security firms in the United Kingdom.
I will post more information soon; the login server will be back up shortly.
We don't get nullrouted, so don't worry about big downtime.
Sorry about the bad grammar/spelling; I had to post this fast as I'm currently on the phone to several people. We are treating this as a crime.
_________________
Lead Developer
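An added example, not part of the original post and not the Defiance shard's own tooling: the bookkeeping the post describes, i.e. parsing the dropped-packet lines and aggregating them per source address so that the "relevant logged information" for each compromised host (packet and byte counts, first/last seen, ports hit, and the raw lines) can be attached to the abuse report sent to that host's data centre. It assumes the lines follow the Windows Firewall text-log layout (17 whitespace-separated fields); the three sample lines with source 193.109.252.116 are the ones quoted above, every other sample line and the `#` header lines are constructed for illustration.

```python
"""Aggregate firewall DROP lines per source IP to build per-host evidence.

Assumption: each record has the Windows Firewall text-log layout
(date time action protocol src-ip dst-ip src-port dst-port size
 tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path).
"""
from collections import defaultdict
from dataclasses import dataclass, field
from datetime import datetime
from ipaddress import ip_address
from typing import Dict, List, Optional, Tuple

FIELDS = ("date", "time", "action", "protocol", "src", "dst", "sport", "dport",
          "size", "tcpflags", "tcpsyn", "tcpack", "tcpwin", "icmptype",
          "icmpcode", "info", "path")

# Constructed sample log: the first three data lines are the ones quoted in
# the post, the remaining lines and the header lines are made up here.
SAMPLE_LOG = """\
#Version: 1.5
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2005-11-27 20:11:46 DROP UDP 193.109.252.116 213.228.232.22 43748 2593 29 - - - - - - - RECEIVE
2005-11-27 20:11:46 DROP UDP 193.109.252.116 213.228.232.22 43748 2593 29 - - - - - - - RECEIVE
2005-11-27 20:11:46 DROP UDP 193.109.252.116 213.228.232.22 43748 2593 29 - - - - - - - RECEIVE
2005-11-27 20:11:47 DROP UDP 198.51.100.7 213.228.232.22 51000 2593 29 - - - - - - - RECEIVE
2005-11-27 20:11:47 DROP UDP 193.109.252.116 213.228.232.22 43748 2593 1400 - - - - - - - RECEIVE
2005-11-27 20:11:48 OPEN TCP 203.0.113.9 213.228.232.22 40001 2593 0 - - - - - - - RECEIVE
2005-11-27 20:11:48 DROP TCP 198.51.100.7 213.228.232.22 51001 2593 48 S 12345 0 8192 - - - RECEIVE
this line is garbage and must be skipped
"""


@dataclass
class SourceStats:
    """Per-source evidence: counts, time window, targets, and the raw lines."""
    packets: int = 0
    octets: int = 0
    first: Optional[datetime] = None
    last: Optional[datetime] = None
    dsts: set = field(default_factory=set)
    dports: set = field(default_factory=set)
    protocols: set = field(default_factory=set)
    raw: List[str] = field(default_factory=list)

    def add(self, rec: dict, line: str) -> None:
        ts = rec["ts"]
        self.packets += 1
        self.octets += rec["size"]
        self.first = ts if self.first is None or ts < self.first else self.first
        self.last = ts if self.last is None or ts > self.last else self.last
        self.dsts.add(rec["dst"])
        self.dports.add(rec["dport"])
        self.protocols.add(rec["protocol"])
        self.raw.append(line)

    def rate(self) -> float:
        """Packets per second over the observed window (window is at least 1 s)."""
        span = (self.last - self.first).total_seconds() + 1.0
        return self.packets / span


def parse_line(line: str) -> Optional[dict]:
    """Parse one log record; return None for headers, blanks or malformed lines."""
    parts = line.split()
    if not parts or parts[0].startswith("#") or len(parts) != len(FIELDS):
        return None
    rec = dict(zip(FIELDS, parts))
    try:
        rec["ts"] = datetime.strptime(f"{rec['date']} {rec['time']}", "%Y-%m-%d %H:%M:%S")
        rec["src"] = str(ip_address(rec["src"]))   # rejects non-IP junk
        rec["dst"] = str(ip_address(rec["dst"]))
        rec["size"] = int(rec["size"])
        rec["dport"] = None if rec["dport"] == "-" else int(rec["dport"])
    except ValueError:
        return None
    return rec


def summarize(log_text: str, action: str = "DROP") -> Dict[str, SourceStats]:
    """Group records with the given action (default DROP) by source address."""
    stats: Dict[str, SourceStats] = defaultdict(SourceStats)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["action"] != action:
            continue
        stats[rec["src"]].add(rec, line.strip())
    return dict(stats)


def top_sources(log_text: str, n: int = 10) -> List[Tuple[str, int]]:
    """Sources ranked by dropped-packet count, the order to work the abuse contacts in."""
    ranked = sorted(summarize(log_text).items(), key=lambda kv: kv[1].packets, reverse=True)
    return [(src, s.packets) for src, s in ranked[:n]]


def abuse_report(log_text: str, src: str) -> str:
    """Plain-text evidence block for one source, suitable for an abuse mail."""
    s = summarize(log_text)[src]
    head = [
        f"Source: {src}",
        f"Targets: {', '.join(sorted(s.dsts))}",
        f"Dropped packets: {s.packets} ({s.octets} bytes, ~{s.rate():.1f} pkt/s)",
        f"Window (log time): {s.first} to {s.last}",
        f"Protocols/ports: {', '.join(sorted(s.protocols))} -> {sorted(p for p in s.dports if p is not None)}",
        "Raw log lines:",
    ]
    return "\n".join(head + ["  " + r for r in s.raw])


if __name__ == "__main__":
    for src, count in top_sources(SAMPLE_LOG):
        print(f"{src:16} {count} dropped")
    print()
    print(abuse_report(SAMPLE_LOG, top_sources(SAMPLE_LOG, 1)[0][0]))
```

The `OPEN` line is excluded because only the firewall's `DROP` records are evidence of traffic the host rejected; `ip_address` validation and the field-count check drop truncated or garbled lines instead of corrupting the per-source totals.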